package com.cskaoyan.shiro.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @ClassName ShiroController
 * @Description: TODO
 * @Author 远志 zhangsong@cskaoyan.onaliyun.com
 * @Date 2023/5/19 14:50
 * @Version V1.0
 **/
@RestController
public class ShiroController {

    @Autowired
    SecurityManager securityManager;

    @RequestMapping("/admin/auth/login")
    public Object login(String username, String password){
        //需要进行认证操作
        SecurityUtils.setSecurityManager(securityManager);
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
        }catch (Exception e){
            System.out.println("error");
        }
        return "login";
    }

    @RequestMapping("/static/1.jpg")
    public Object staticImage(){
        return "staticImage";
    }

    @RequestMapping("/admin/auth/info")
    public Object info(){
        return "info";
    }

    //能否读取RequiresPermissions里面的值和RequestMapping里面的值
    //  /admin/category/read------admin:category:read权限映射关系
    @RequestMapping("/admin/category/read")
    @RequiresPermissions("admin:category:read")
    public Object category(){
        return "read";
    }
}
